THE C PROBLEM
C/C++ responsible for many common bug classes (Buffer
overflows, use after free etc.)
Replacing C is good, but we'll have to live with it for a while
Mitigation: Good, but incomplete.
Dumb fuzzing: Only finds the easy bugs
Template-based fuzzing: a lot of work for each target
KASAN AND SYZCKALLER
KASAN: ASAN for the Linux Kernel.
syzkaller: syscall fuzzing similar to afl
UNDEFINED BEHAVIOR SANITIZER
Finds code that is undefined in C
Invalid shifts, int overflows, unaligned memory access, ...
Problem: Just too many bugs, problems rare
There's also TSAN (Thread sanitizer, race conditions) and
MSAN (Memory Sanitizer, uninitialized memory)
AFL AND NETWORKING
Fuzzing network connections, experimental code by Doug
Usually a bit more brittle than file fuzzing
Not widely used yet
AFL AND ANDROID
Implementation from Intel just released
Android Security desperately needs it
WHAT HAS THIS TO DO WITH FREE
Remember the many eyes principle?
"Free software is secure - because everyone can look at the
source and find the bugs."
We have to actually *do* that.
QUESTION TO THE AUDIENCE
Do you develop / maintain software? In C?
Do you know / use Fuzzing and Address Sanitizer?
If not: Why not?
THANKS FOR LISTENING
Use Address Sanitizer!
Fuzz your software.